diff --git a/client/package.json b/client/package.json
index efe9470..1447419 100644
--- a/client/package.json
+++ b/client/package.json
@@ -10,6 +10,7 @@
 "@testing-library/user-event": "^13.5.0",
 "axios": "^0.25.0",
 "bootstrap": "^5.1.3",
+ "dompurify": "^3.0.6",
 "react": "^17.0.2",
 "react-bootstrap": "^2.1.1",
 "react-copy-to-clipboard": "^5.0.4",
diff --git a/client/src/components/Blog/Blog.jsx b/client/src/components/Blog/Blog.jsx
index d741ac5..e479e78 100644
--- a/client/src/components/Blog/Blog.jsx
+++ b/client/src/components/Blog/Blog.jsx
@@ -10,6 +10,7 @@ import axios from "axios";
 import NavBar from "../NavBar/NavBar";
 import Footer from "../Footer/Footer";
 import "./Blog.css";
+import DOMPurify from 'dompurify';
 
 export default function Blog() {
 const { id } = useParams();
@@ -180,7 +181,7 @@ export default function Blog() {

{blog.title}

diff --git a/server/package.json b/server/package.json
index a0fbf80..b5ecd64 100644
--- a/server/package.json
+++ b/server/package.json
@@ -22,6 +22,7 @@
 "express": "^4.17.2",
 "jsonwebtoken": "^8.5.1",
 "mongoose": "^6.1.8",
- "multer": "^1.4.4"
+ "multer": "^1.4.4",
+ "sanitize-html": "^2.11.0"
 }
 }
diff --git a/server/routes/user.js b/server/routes/user.js
index 9ac57c4..b57236b 100644
--- a/server/routes/user.js
+++ b/server/routes/user.js
@@ -5,6 +5,7 @@ const multer = require("multer");
 const cloudinary = require("cloudinary").v2;
 const User = require("../models/user.model");
 const Blog = require("../models/blog.model");
+const sanitizeHtml = require('sanitize-html');
 
 const { CLOUD_NAME, API_KEY, API_SECRET } = process.env;
 
@@ -129,6 +130,9 @@ Router.post("/post/comment/:id", async (req, res) => {
 Router.post("/create", upload.single("image"), async (req, res) => {
 const { title, content, date, token } = req.body;
 
+ const sanitizedTitle = sanitizeHtml(title);
+ const sanitizedContent = sanitizeHtml(content);
+
 if (req.file) {
 cloudinary.uploader.upload(
 req.file.path,
@@ -148,8 +152,8 @@ Router.post("/create", upload.single("image"), async (req, res) => {
 return res.status(404).send({ error: "User not found" });
 }
 const blog = new Blog({
- title,
- content,
+ title: sanitizedTitle,
+ content: sanitizedContent,
 image,
 cloudinaryId,
 author: user.name,
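Review bot: `sanitizeHtml(title)` and `sanitizeHtml(content)` in the `/create` hunk run with the library's default options, which still permit a default set of tags and attributes; for the title, which is presumably rendered as plain text, pass an explicit empty allow-list such as `sanitizeHtml(title, { allowedTags: [], allowedAttributes: {} })`, and for content pin the tag and attribute set the blog renderer actually needs instead of relying on defaults that may change between library versions. The values are also not checked for presence or type before sanitizing: `title` and `content` come straight from `req.body` and may be absent or non-string, so a guard like `if (typeof title !== 'string' || typeof content !== 'string') return res.status(400).send({ error: "title and content are required" });` placed before the sanitize calls gives a clear failure instead of whatever the sanitizer makes of a missing value. If the handler has a second `new Blog({...})` for requests without an image, it needs `sanitizedTitle`/`sanitizedContent` as well; only the one in the hunk at line 152 is visible here, and the comment route named in the hunk header does not appear to get the same treatment in this commit. The enclosing `/create` handler starts inside the hunk but continues outside it.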